fix: files sync paste dir out bug

* feat(user-service): update dataStore use redis

* feat(wise): remove from system-frontend
fix(settings): some bugs
fix(files): some bugs

* knowledge: remove knowledge, rss, argo

---------

Co-authored-by: eball <liuy102@hotmail.com>

apps/.olares/config/user/helm-charts/system-apps/templates/system-frontend.yaml

@@ -42,6 +42,14 @@
 {{ $user_service_pg_password = randAlphaNum 16 | b64enc }}
 {{- end -}}
 
+
+{{- $user_service_redis_password := "" -}}
+{{ if $user_service_secret -}}
+{{ $user_service_redis_password = (index $user_service_secret "data" "redis_password") }}
+{{ else -}}
+{{ $user_service_redis_password = randAlphaNum 16 | b64enc }}
+{{- end -}}
+
 {{- $user_service_nats_secret := (lookup "v1" "Secret" $namespace "user-service-nats-secret") -}}
 {{- $nats_password := "" -}}
 {{ if $user_service_nats_secret -}}
@@ -114,22 +122,6 @@ spec:
 ---
 apiVersion: v1
 kind: Service
-metadata:
-  name: wise-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: system-frontend
-  ports:
-    - name: "frontend"
-      protocol: TCP
-      port: 80
-      targetPort: 84
-
----
-apiVersion: v1
-kind: Service
 metadata:
   name: headscale-svc
   namespace: user-space-{{ .Values.bfl.username }}
@@ -254,11 +246,11 @@ metadata:
     applications.app.bytetrade.io/group: 'true'
     applications.app.bytetrade.io/author: bytetrade.io
   annotations:
-    applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","wise":"https://file.bttcdn.com/appstore/rss/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","studio":"https://file.bttcdn.com/appstore/devbox/icon.png","files":"https://file.bttcdn.com/appstore/files/icon.png","vault":"https://file.bttcdn.com/appstore/vault/icon.png","market":"https://file.bttcdn.com/appstore/appstore/icon.png"}'
-    applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","wise":"Wise","headscale":"Headscale","settings":"Settings","studio":"Studio","files":"Files","vault":"Vault","market":"Market"}'
-    applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","wise":"0.0.1","headscale":"0.0.1","settings":"0.0.1","studio":"0.0.1","files":"0.0.1","vault":"0.0.1","market":"0.0.1"}'
+    applications.app.bytetrade.io/icon: '{"dashboard":"https://file.bttcdn.com/appstore/dashboard/icon.png","control-hub":"https://file.bttcdn.com/appstore/control-hub/icon.png","profile":"https://file.bttcdn.com/appstore/profile/icon.png","headscale": "https://file.bttcdn.com/appstore/headscale/icon.png","settings": "https://file.bttcdn.com/appstore/settings/icon.png","studio":"https://file.bttcdn.com/appstore/devbox/icon.png","files":"https://file.bttcdn.com/appstore/files/icon.png","vault":"https://file.bttcdn.com/appstore/vault/icon.png","market":"https://file.bttcdn.com/appstore/appstore/icon.png"}'
+    applications.app.bytetrade.io/title: '{"dashboard": "Dashboard","control-hub":"Control Hub","profile":"Profile","headscale":"Headscale","settings":"Settings","studio":"Studio","files":"Files","vault":"Vault","market":"Market"}'
+    applications.app.bytetrade.io/version: '{"dashboard": "0.0.1","control-hub":"0.0.1","profile":"0.0.1","headscale":"0.0.1","settings":"0.0.1","studio":"0.0.1","files":"0.0.1","vault":"0.0.1","market":"0.0.1"}'
     applications.app.bytetrade.io/policies: '{"dashboard":{"policies":[{"entranceName":"dashboard","uriRegex":"/js/script.js", "level":"public"},{"entranceName":"dashboard","uriRegex":"/js/api/send", "level":"public"}]}}'
-    applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"wise":[{"name":"wise", "host":"wise-svc", "port":80,"title":"Wise","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"studio":[{"name":"studio","host":"studio-svc","port":8080,"title":"Studio","openMethod":"window"}],"files":[{"name":"files", "host":"files-fe-service", "port":80,"title":"Files","windowPushState":true}],"vault":[{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true}],"market":[{"name":"appstore", "host":"appstore-fe-service", "port":80,"title":"Market","windowPushState":true}]}'
+    applications.app.bytetrade.io/entrances: '{"dashboard":[{"name":"dashboard","host":"dashboard-service","port":80,"title":"Dashboard","windowPushState":true}],"control-hub":[{"name":"control-hub","host":"control-hub-service","port":80,"title":"Control Hub","windowPushState":true}],"profile":[{"name":"profile", "host":"profile-service", "port":80,"title":"Profile","windowPushState":true}],"headscale":[{"name":"headscale", "host":"headscale-svc", "port":80,"title":"Headscale","invisible": true}],"settings":[{"name":"settings", "host":"settings-service", "port":80,"title":"Settings"}],"studio":[{"name":"studio","host":"studio-svc","port":8080,"title":"Studio","openMethod":"window"}],"files":[{"name":"files", "host":"files-fe-service", "port":80,"title":"Files","windowPushState":true}],"vault":[{"name":"vault", "host":"vault-service", "port":80,"title":"Vault","windowPushState":true}],"market":[{"name":"appstore", "host":"appstore-fe-service", "port":80,"title":"Market","windowPushState":true}]}'
 spec:
   replicas: 1
   selector:
@@ -270,10 +262,12 @@ spec:
         app: system-frontend
         io.bytetrade.app: "true"
       annotations:
+{{ if .Values.telemetry }}
         instrumentation.opentelemetry.io/inject-nodejs: "olares-instrumentation"
         instrumentation.opentelemetry.io/nodejs-container-names: "user-service"    
         instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
         instrumentation.opentelemetry.io/inject-nginx-container-names: "system-frontend"    
+{{ end }}        
     spec:
       priorityClassName: "system-cluster-critical"
       initContainers:
@@ -351,7 +345,7 @@ spec:
             - name: PGDB
               value: user_space_{{ .Values.bfl.username }}_cloud_drive_integration
         - name: system-frontend-init
-          image: beclab/system-frontend:v1.3.101
+          image: beclab/system-frontend:v1.3.102
           imagePullPolicy: IfNotPresent
           command:
             - /bin/sh
@@ -394,7 +388,6 @@ spec:
             - containerPort: 81
             - containerPort: 82
             - containerPort: 83
-            - containerPort: 84
             - containerPort: 85
             - containerPort: 86
             - containerPort: 88
@@ -474,7 +467,7 @@ spec:
             - name: NATS_SUBJECT_VAULT
               value: os.vault.{{ .Values.bfl.username}}
         - name: user-service
-          image: beclab/user-service:v0.0.20
+          image: beclab/user-service:v0.0.21
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 3000
@@ -540,6 +533,15 @@ spec:
               value: os.knowledge.{{ .Values.bfl.username}}
             - name: NATS_SUBJECT_VAULT
               value: os.vault.{{ .Values.bfl.username}}
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: redis_password
+                  name: user-service-secrets
+            - name: REDIS_HOST
+              value: redis-cluster-proxy.user-system-guotest334
+            - name: REDIS_PORT
+              value: '6379'
               
         - name: drive-server
           image: beclab/drive:v0.0.72
@@ -1253,6 +1255,7 @@ metadata:
 type: Opaque
 data:
   pg_password: {{ $user_service_pg_password }}
+  redis_password: {{ $user_service_redis_password }}
 ---
 apiVersion: v1
 kind: Secret
@@ -1262,6 +1265,7 @@ metadata:
 type: Opaque
 data:
   pg_password: {{ $user_service_pg_password }}
+  redis_password: {{ $user_service_redis_password }}
 ---
 apiVersion: apr.bytetrade.io/v1alpha1
 kind: MiddlewareRequest
@@ -1282,6 +1286,23 @@ spec:
     databases:
     - name: user-service
 ---
+apiVersion: apr.bytetrade.io/v1alpha1
+kind: MiddlewareRequest
+metadata:
+  name: user-service-redis
+  namespace: user-system-{{ .Values.bfl.username }}
+spec:
+  app: user-service
+  appNamespace: user-space-{{ .Values.bfl.username }}
+  middleware: redis
+  redis:
+    password:
+      valueFrom:
+        secretKeyRef:
+          key: redis_password
+          name: user-service-secrets
+    namespace: user-service
+---
 apiVersion: v1
 kind: Service
 metadata:

build/base-package/wizard/config/account/templates/account.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     iam.kubesphere.io/uninitialized: "true"
     helm.sh/resource-policy: keep
-    bytetrade.io/owner-role: platform-admin
+    bytetrade.io/owner-role: owner
     bytetrade.io/terminus-name: "{{.Values.user.terminus_name}}"
     bytetrade.io/launcher-auth-policy: two_factor
     bytetrade.io/launcher-access-level: "1"
@@ -23,4 +23,4 @@ spec:
   groups:
   - lldap_admin
 status:
-  state: Active
+  state: Created

cli/pkg/common/plugins.go

@@ -1,17 +1,16 @@
 package common
 
 const (
-	NamespaceDefault                       = "default"
-	NamespaceKubeNodeLease                 = "kube-node-lease"
-	NamespaceKubePublic                    = "kube-public"
-	NamespaceKubeSystem                    = "kube-system"
-	NamespaceKubekeySystem                 = "kubekey-system"
-	NamespaceKubesphereControlsSystem      = "kubesphere-controls-system"
-	NamespaceKubesphereMonitoringFederated = "kubesphere-monitoring-federated"
-	NamespaceKubesphereMonitoringSystem    = "kubesphere-monitoring-system"
-	NamespaceKubesphereSystem              = "kubesphere-system"
-	NamespaceOsFramework                   = "os-framework"
-	NamespaceOsPlatform                    = "os-platform"
+	NamespaceDefault                    = "default"
+	NamespaceKubeNodeLease              = "kube-node-lease"
+	NamespaceKubePublic                 = "kube-public"
+	NamespaceKubeSystem                 = "kube-system"
+	NamespaceKubekeySystem              = "kubekey-system"
+	NamespaceKubesphereControlsSystem   = "kubesphere-controls-system"
+	NamespaceKubesphereMonitoringSystem = "kubesphere-monitoring-system"
+	NamespaceKubesphereSystem           = "kubesphere-system"
+	NamespaceOsFramework                = "os-framework"
+	NamespaceOsPlatform                 = "os-platform"
 
 	ChartNameRedis               = "redis"
 	ChartNameSnapshotController  = "snapshot-controller"

cli/pkg/kubesphere/plugins/files/build/ks-core-config/values.yaml

@@ -4,8 +4,6 @@
 
 image:
   # Overrides the image tag whose default is the chart appVersion.
-  ks_controller_manager_repo: kubesphere/ks-controller-manager
-  ks_controller_manager_tag: "v3.3.0"
 
   ks_apiserver_repo: beclab/ks-apiserver
   ks_apiserver_tag: "v3.3.0-ext-3"

cli/pkg/kubesphere/plugins/files/build/ks-core/templates/ks-controller-manager.yaml

@@ -1,121 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: ks-controller-manager
-    tier: backend
-    version: {{ .Chart.AppVersion }}
-  name: ks-controller-manager
-spec:
-  strategy:
-    rollingUpdate:
-      maxSurge: 0
-    type: RollingUpdate
-  progressDeadlineSeconds: 600
-  replicas: 1
-  revisionHistoryLimit: 10
-  selector:
-    matchLabels:
-      app: ks-controller-manager
-      tier: backend
-      # version: {{ .Chart.AppVersion }}
-  template:
-    metadata:
-      labels:
-        app: ks-controller-manager
-        tier: backend
-        # version: {{ .Chart.AppVersion }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-      - command:
-        - controller-manager
-        - --logtostderr=true
-        - --leader-elect=false
-        image: beclab/ks-controller-manager:0.0.21
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        name: ks-controller-manager
-        ports:
-        - containerPort: 8080
-          protocol: TCP
-        resources:
-          {{- toYaml .Values.controller.resources | nindent 12 }}
-        volumeMounts:
-        - mountPath: /etc/kubesphere/
-          name: kubesphere-config
-        - mountPath: /etc/localtime
-          name: host-time
-          readOnly: true
-        {{- if .Values.controller.extraVolumeMounts }}
-          {{- toYaml .Values.controller.extraVolumeMounts | nindent 8 }}
-        {{- end }}
-        env:
-        {{- if .Values.env }}
-        {{- toYaml .Values.env | nindent 8 }}
-        {{- end }}
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
-      terminationGracePeriodSeconds: 30
-      volumes:
-      - name: kubesphere-config
-        configMap:
-          name: kubesphere-config
-          defaultMode: 420
-      - hostPath:
-          path: /etc/localtime
-          type: ""
-        name: host-time
-      {{- if .Values.controller.extraVolumes }}
-        {{ toYaml .Values.controller.extraVolumes | nindent 6 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-          - topologyKey: kubernetes.io/hostname
-            labelSelector:
-              matchExpressions:
-              - key: app
-                operator: In
-                values:
-                - ks-controller-manager
-            namespaces:
-            - kubesphere-system
-{{- with .Values.nodeAffinity }}
-        nodeAffinity:
-{{ toYaml . | indent 10 }}
-{{- end }}
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: ks-controller-manager
-    tier: backend
-    version: {{ .Chart.AppVersion }}
-  name: ks-controller-manager
-spec:
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 8443
-  selector:
-    app: ks-controller-manager
-    tier: backend
-    # version: {{ .Chart.AppVersion }}
-  sessionAffinity: None
-  type: ClusterIP

cli/pkg/kubesphere/plugins/files/build/ks-core/values.yaml

@@ -4,8 +4,6 @@
 
 image:
   # Overrides the image tag whose default is the chart appVersion.
-  ks_controller_manager_repo: kubesphere/ks-controller-manager
-  ks_controller_manager_tag: "v3.3.0"
 
   ks_apiserver_repo: beclab/ks-apiserver
   ks_apiserver_tag: "v3.3.0-ext-3"

cli/pkg/kubesphere/plugins/kscore_config.go

@@ -58,12 +58,12 @@ var kscorecrds = []map[string]string{
 		"resource": "default-http-backend",
 		"release":  "ks-core",
 	},
-	{
-		"ns":       "kubesphere-system",
-		"kind":     "secrets",
-		"resource": "ks-controller-manager-webhook-cert",
-		"release":  "ks-core",
-	},
+	//{
+	//	"ns":       "kubesphere-system",
+	//	"kind":     "secrets",
+	//	"resource": "ks-controller-manager-webhook-cert",
+	//	"release":  "ks-core",
+	//},
 	{
 		"ns":       "kubesphere-system",
 		"kind":     "serviceaccounts",
@@ -100,24 +100,24 @@ var kscorecrds = []map[string]string{
 		"resource": "ks-apiserver",
 		"release":  "ks-core",
 	},
-	{
-		"ns":       "kubesphere-system",
-		"kind":     "services",
-		"resource": "ks-controller-manager",
-		"release":  "ks-core",
-	},
+	//{
+	//	"ns":       "kubesphere-system",
+	//	"kind":     "services",
+	//	"resource": "ks-controller-manager",
+	//	"release":  "ks-core",
+	//},
 	{
 		"ns":       "kubesphere-system",
 		"kind":     "deployments",
 		"resource": "ks-apiserver",
 		"release":  "ks-core",
 	},
-	{
-		"ns":       "kubesphere-system",
-		"kind":     "deployments",
-		"resource": "ks-controller-manager",
-		"release":  "ks-core",
-	},
+	//{
+	//	"ns":       "kubesphere-system",
+	//	"kind":     "deployments",
+	//	"resource": "ks-controller-manager",
+	//	"release":  "ks-core",
+	//},
 	//{
 	//	"ns":       "kubesphere-system",
 	//	"kind":     "validatingwebhookconfigurations",

cli/pkg/kubesphere/plugins/tasks.go

@@ -65,7 +65,7 @@ func (t *InitNamespace) Execute(runtime connector.Runtime) error {
 		kubectlpath = path.Join(common.BinDir, common.CommandKubectl)
 	}
 
-	for _, ns := range []string{common.NamespaceKubesphereControlsSystem, common.NamespaceKubesphereMonitoringFederated} {
+	for _, ns := range []string{common.NamespaceKubesphereControlsSystem} {
 		if stdout, err := runtime.GetRunner().Cmd(fmt.Sprintf("%s create ns %s", kubectlpath, ns), false, true); err != nil {
 			if !strings.Contains(stdout, "already exists") {
 				logger.Errorf("create ns %s failed: %v", ns, err)
@@ -98,8 +98,6 @@ func (t *InitNamespace) Execute(runtime connector.Runtime) error {
 		common.NamespaceKubeSystem,
 		common.NamespaceKubekeySystem,
 		common.NamespaceKubesphereControlsSystem,
-		common.NamespaceKubesphereMonitoringFederated,
-		common.NamespaceKubesphereMonitoringSystem,
 		common.NamespaceKubesphereSystem,
 	}
 

cli/pkg/kubesphere/tasks.go

@@ -355,7 +355,7 @@ func (c *Check) Execute(runtime connector.Runtime) error {
 		return fmt.Errorf("kubectl not found")
 	}
 
-	var labels = []string{"app=ks-apiserver", "app=ks-controller-manager"}
+	var labels = []string{"app=ks-apiserver"}
 
 	for _, label := range labels {
 		var cmd = fmt.Sprintf("%s get pod -n %s -l '%s' -o jsonpath='{.items[0].status.phase}'", kubectlpath, common.NamespaceKubesphereSystem, label)

daemon/cmd/terminusd/main.go

@@ -49,10 +49,7 @@ func main() {
 
 	mainCtx, cancel := context.WithCancel(context.Background())
 
-	apis, err := apiserver.NewServer(mainCtx, port)
-	if err != nil {
-		panic(err)
-	}
+	apis := apiserver.NewServer(mainCtx, port)
 
 	if err := state.CheckCurrentStatus(mainCtx); err != nil {
 		klog.Error(err)

daemon/internel/apiserver/handlers/command_group.go

@@ -0,0 +1,83 @@
+package handlers
+
+import (
+	"github.com/beclab/Olares/daemon/internel/apiserver/server"
+	changehost "github.com/beclab/Olares/daemon/pkg/commands/change_host"
+	collectlogs "github.com/beclab/Olares/daemon/pkg/commands/collect_logs"
+	connectwifi "github.com/beclab/Olares/daemon/pkg/commands/connect_wifi"
+	"github.com/beclab/Olares/daemon/pkg/commands/install"
+	mountsmb "github.com/beclab/Olares/daemon/pkg/commands/mount_smb"
+	"github.com/beclab/Olares/daemon/pkg/commands/reboot"
+	"github.com/beclab/Olares/daemon/pkg/commands/shutdown"
+	umountsmb "github.com/beclab/Olares/daemon/pkg/commands/umount_smb"
+	umountusb "github.com/beclab/Olares/daemon/pkg/commands/umount_usb"
+	"github.com/beclab/Olares/daemon/pkg/commands/uninstall"
+	"github.com/beclab/Olares/daemon/pkg/commands/upgrade"
+	"k8s.io/klog/v2"
+)
+
+func init() {
+	s := server.API
+	cmd := s.App.Group("command")
+	cmd.Post("/install", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostTerminusInit, install.New))))
+
+	cmd.Post("/uninstall", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostTerminusUninstall, uninstall.New))))
+
+	cmd.Post("/upgrade", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.RequestOlaresUpgrade, upgrade.NewCreateUpgradeTarget))))
+
+	cmd.Delete("/upgrade", handlers.RequireSignature(
+		handlers.RunCommand(handlers.CancelOlaresUpgrade, upgrade.NewRemoveUpgradeTarget)))
+
+	cmd.Post("/reboot", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostReboot, reboot.New))))
+
+	cmd.Post("/shutdown", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostShutdown, shutdown.New))))
+
+	cmd.Post("/connect-wifi", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostConnectWifi, connectwifi.New))))
+
+	cmd.Post("/change-host", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostChangeHost, changehost.New))))
+
+	cmd.Post("/umount-usb", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostUmountUsb, umountusb.New))))
+
+	cmd.Post("/umount-usb-incluster", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostUmountUsbInCluster, umountusb.New))))
+
+	cmd.Post("/collect-logs", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostCollectLogs, collectlogs.New))))
+
+	cmd.Post("/mount-samba", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostMountSambaDriver, mountsmb.New))))
+
+	cmd.Post("/umount-samba", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostUmountSmb, umountsmb.New))))
+
+	cmd.Post("/umount-samba-incluster", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostUmountSmbInCluster, umountsmb.New))))
+
+	cmdv2 := cmd.Group("v2")
+	cmdv2.Post("/mount-samba", handlers.RequireSignature(
+		handlers.WaitServerRunning(
+			handlers.RunCommand(handlers.PostMountSambaDriverV2, mountsmb.New))))
+
+	klog.Info("command handlers initialized")
+}

daemon/internel/apiserver/handlers/containerd_group.go

@@ -0,0 +1,28 @@
+package handlers
+
+import (
+	"github.com/beclab/Olares/daemon/internel/apiserver/server"
+	"k8s.io/klog/v2"
+)
+
+func init() {
+	s := server.API
+	containerd := s.App.Group("containerd")
+	containerd.Get("/registries", handlers.RequireSignature(handlers.ListRegistries))
+
+	registry := containerd.Group("registry")
+	mirrors := registry.Group("mirrors")
+
+	mirrors.Get("/", handlers.RequireSignature(handlers.GetRegistryMirrors))
+	mirrors.Get("/:registry", handlers.RequireSignature(handlers.GetRegistryMirror))
+	mirrors.Put("/:registry", handlers.RequireSignature(handlers.UpdateRegistryMirror))
+	mirrors.Delete("/:registry", handlers.RequireSignature(handlers.DeleteRegistryMirror))
+
+	image := containerd.Group("images")
+
+	image.Get("/", handlers.RequireSignature(handlers.ListImages))
+	image.Delete("/:image", handlers.RequireSignature(handlers.DeleteImage))
+	image.Post("/prune", handlers.RequireSignature(handlers.PruneImages))
+
+	klog.Info("containerd handlers initialized")
+}

daemon/internel/apiserver/handlers/handler_change_host.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -13,7 +13,7 @@ type ChangeHostReq struct {
 	IP string `json:"ip"`
 }
 
-func (h *handlers) PostChangeHost(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostChangeHost(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req ChangeHostReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_collect_logs.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) PostCollectLogs(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostCollectLogs(ctx *fiber.Ctx, cmd commands.Interface) error {
 	_, err := cmd.Execute(ctx.Context(), nil)
 	if err != nil {
 		klog.Error("execute command error, ", err, ", ", cmd.OperationName().Stirng())

daemon/internel/apiserver/handlers/handler_connect_wifi.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -14,7 +14,7 @@ type ConnectWifiReq struct {
 	SSID     string `json:"ssid"`
 }
 
-func (h *handlers) PostConnectWifi(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostConnectWifi(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req ConnectWifiReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_containerd.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) ListRegistries(ctx *fiber.Ctx) error {
+func (h *Handlers) ListRegistries(ctx *fiber.Ctx) error {
 	images, err := containerd.ListRegistries(ctx)
 	if err != nil {
 		klog.Error("list registries error, ", err)
@@ -17,7 +17,7 @@ func (h *handlers) ListRegistries(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", images)
 }
 
-func (h *handlers) GetRegistryMirrors(ctx *fiber.Ctx) error {
+func (h *Handlers) GetRegistryMirrors(ctx *fiber.Ctx) error {
 	mirrors, err := containerd.GetRegistryMirrors(ctx)
 	if err != nil {
 		klog.Error("get registry mirrors error, ", err)
@@ -27,7 +27,7 @@ func (h *handlers) GetRegistryMirrors(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", mirrors)
 }
 
-func (h *handlers) GetRegistryMirror(ctx *fiber.Ctx) error {
+func (h *Handlers) GetRegistryMirror(ctx *fiber.Ctx) error {
 	mirror, err := containerd.GetRegistryMirror(ctx)
 	if err != nil {
 		klog.Error("get registry mirror error, ", err)
@@ -37,7 +37,7 @@ func (h *handlers) GetRegistryMirror(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", mirror)
 }
 
-func (h *handlers) UpdateRegistryMirror(ctx *fiber.Ctx) error {
+func (h *Handlers) UpdateRegistryMirror(ctx *fiber.Ctx) error {
 	mirror, err := containerd.UpdateRegistryMirror(ctx)
 	if err != nil {
 		klog.Error("update registry mirror error, ", err)
@@ -47,7 +47,7 @@ func (h *handlers) UpdateRegistryMirror(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", mirror)
 }
 
-func (h *handlers) DeleteRegistryMirror(ctx *fiber.Ctx) error {
+func (h *Handlers) DeleteRegistryMirror(ctx *fiber.Ctx) error {
 	if err := containerd.DeleteRegistryMirror(ctx); err != nil {
 		klog.Error("delete registry mirror error, ", err)
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -56,7 +56,7 @@ func (h *handlers) DeleteRegistryMirror(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success")
 }
 
-func (h *handlers) ListImages(ctx *fiber.Ctx) error {
+func (h *Handlers) ListImages(ctx *fiber.Ctx) error {
 	registry := ctx.Query("registry")
 	images, err := containerd.ListImages(ctx, registry)
 	if err != nil {
@@ -66,7 +66,7 @@ func (h *handlers) ListImages(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", images)
 }
 
-func (h *handlers) DeleteImage(ctx *fiber.Ctx) error {
+func (h *Handlers) DeleteImage(ctx *fiber.Ctx) error {
 	if err := containerd.DeleteImage(ctx); err != nil {
 		klog.Error("delete image error, ", err)
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -74,7 +74,7 @@ func (h *handlers) DeleteImage(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success")
 }
 
-func (h *handlers) PruneImages(ctx *fiber.Ctx) error {
+func (h *Handlers) PruneImages(ctx *fiber.Ctx) error {
 	res, err := containerd.PruneImages(ctx)
 	if err != nil {
 		klog.Error("prune images error, ", err)

daemon/internel/apiserver/handlers/handler_hosts.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -9,7 +9,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) GetHostsfile(ctx *fiber.Ctx) error {
+func (h *Handlers) GetHostsfile(ctx *fiber.Ctx) error {
 	items, err := nets.GetHostsFile()
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusServiceUnavailable, err.Error())
@@ -22,7 +22,7 @@ type writeHostsfileReq struct {
 	Items []*nets.HostsItem `json:"items"`
 }
 
-func (h *handlers) PostHostsfile(ctx *fiber.Ctx) error {
+func (h *Handlers) PostHostsfile(ctx *fiber.Ctx) error {
 	var req writeHostsfileReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_ifs.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -21,6 +21,7 @@ type NetIf struct {
 	Strength          *int    `json:"strength,omitempty"`
 	MTU               int     `json:"mtu,omitempty"`
 	InternetConnected *bool   `json:"internetConnected,omitempty"`
+	Hostname          string  `json:"hostname,omitempty"` // Hostname of the device
 
 	Ipv4Gateway      *string  `json:"ipv4Gateway,omitempty"`
 	Ipv6Gateway      *string  `json:"ipv6Gateway,omitempty"`
@@ -34,7 +35,7 @@ type NetIf struct {
 	TxRate           *float64 `json:"txRate,omitempty"` // in bytes per second
 }
 
-func (h *handlers) GetNetIfs(ctx *fiber.Ctx) error {
+func (h *Handlers) GetNetIfs(ctx *fiber.Ctx) error {
 	test := ctx.Query("testConnectivity", "false")
 
 	ifaces, err := nets.GetInternalIpv4Addr(test != "true")
@@ -65,6 +66,7 @@ func (h *handlers) GetNetIfs(ctx *fiber.Ctx) error {
 			IP:       i.IP,
 			IsHostIp: i.IP == hostip,
 			MTU:      i.Iface.MTU,
+			Hostname: host,
 		}
 
 		if wifiDevs != nil {
@@ -137,8 +139,8 @@ func (h *handlers) GetNetIfs(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "", res)
 }
 
-func (h *handlers) findAp(ssid string) *ble.AccessPoint {
-	for _, ap := range h.apList {
+func (h *Handlers) findAp(ssid string) *ble.AccessPoint {
+	for _, ap := range h.ApList {
 		if ap.SSID == ssid {
 			return &ap
 		}

daemon/internel/apiserver/handlers/handler_mount_smb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -15,7 +15,7 @@ type MountReq struct {
 	Password string `json:"password"`
 }
 
-func (h *handlers) PostMountSambaDriver(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostMountSambaDriver(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req MountReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_mount_smb_v2.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -17,7 +17,7 @@ type ListSmbResponse struct {
 	Mounted bool   `json:"mounted"`
 }
 
-func (h *handlers) PostMountSambaDriverV2(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostMountSambaDriverV2(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req MountReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_mounted_hdd.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -9,7 +9,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) getMountedHdd(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
+func (h *Handlers) getMountedHdd(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
 	paths, err := utils.MountedHddPath(ctx.Context())
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -35,11 +35,11 @@ func (h *handlers) getMountedHdd(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *d
 	return h.OkJSON(ctx, "success", res)
 }
 
-func (h *handlers) GetMountedHdd(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedHdd(ctx *fiber.Ctx) error {
 	return h.getMountedHdd(ctx, nil)
 }
 
-func (h *handlers) GetMountedHddInCluster(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedHddInCluster(ctx *fiber.Ctx) error {
 	return h.getMountedHdd(ctx, func(us *disk.UsageStat) *disk.UsageStat {
 		us.Path = nodePathToClusterPath(us.Path)
 		return us

daemon/internel/apiserver/handlers/handler_mounted_path.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -20,7 +20,7 @@ type mountedPath struct {
 	ReadOnly       bool   `json:"read_only"`
 }
 
-func (h *handlers) getMountedPath(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
+func (h *Handlers) getMountedPath(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
 	paths, err := utils.MountedPath(ctx.Context())
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -58,11 +58,11 @@ func (h *handlers) getMountedPath(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *
 	return h.OkJSON(ctx, "success", res)
 }
 
-func (h *handlers) GetMountedPath(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedPath(ctx *fiber.Ctx) error {
 	return h.getMountedPath(ctx, nil)
 }
 
-func (h *handlers) GetMountedPathInCluster(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedPathInCluster(ctx *fiber.Ctx) error {
 	return h.getMountedPath(ctx, func(us *disk.UsageStat) *disk.UsageStat {
 		us.Path = nodePathToClusterPath(us.Path)
 		return us

daemon/internel/apiserver/handlers/handler_mounted_smb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -15,7 +15,7 @@ type mountedSmbPathResponse struct {
 	Device         string `json:"device"`
 }
 
-func (h *handlers) getMountedSmb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
+func (h *Handlers) getMountedSmb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
 	paths, err := utils.MountedSambaPath(ctx.Context())
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -41,11 +41,11 @@ func (h *handlers) getMountedSmb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *d
 	return h.OkJSON(ctx, "success", res)
 }
 
-func (h *handlers) GetMountedSmb(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedSmb(ctx *fiber.Ctx) error {
 	return h.getMountedSmb(ctx, nil)
 }
 
-func (h *handlers) GetMountedSmbInCluster(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedSmbInCluster(ctx *fiber.Ctx) error {
 	return h.getMountedSmb(ctx, func(us *disk.UsageStat) *disk.UsageStat {
 		us.Path = nodePathToClusterPath(us.Path)
 		return us

daemon/internel/apiserver/handlers/handler_mounted_usb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -9,7 +9,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) getMountedUsb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
+func (h *Handlers) getMountedUsb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *disk.UsageStat) error {
 	paths, err := utils.MountedUsbPath(ctx.Context())
 	if err != nil {
 		return h.ErrJSON(ctx, http.StatusInternalServerError, err.Error())
@@ -33,11 +33,11 @@ func (h *handlers) getMountedUsb(ctx *fiber.Ctx, mutate func(*disk.UsageStat) *d
 	return h.OkJSON(ctx, "success", res)
 }
 
-func (h *handlers) GetMountedUsb(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedUsb(ctx *fiber.Ctx) error {
 	return h.getMountedUsb(ctx, nil)
 }
 
-func (h *handlers) GetMountedUsbInCluster(ctx *fiber.Ctx) error {
+func (h *Handlers) GetMountedUsbInCluster(ctx *fiber.Ctx) error {
 	return h.getMountedUsb(ctx, func(us *disk.UsageStat) *disk.UsageStat {
 		us.Path = nodePathToClusterPath(us.Path)
 		return us

daemon/internel/apiserver/handlers/handler_olares_upgrade.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"fmt"
@@ -35,7 +35,7 @@ func (r *UpgradeReq) Check() error {
 	return nil
 }
 
-func (h *handlers) RequestOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) RequestOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UpgradeReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)
@@ -60,7 +60,7 @@ func (h *handlers) RequestOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface)
 	return h.OkJSON(ctx, "successfully created upgrade target")
 }
 
-func (h *handlers) CancelOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) CancelOlaresUpgrade(ctx *fiber.Ctx, cmd commands.Interface) error {
 	if _, err := cmd.Execute(ctx.Context(), nil); err != nil {
 		return h.ErrJSON(ctx, http.StatusBadRequest, err.Error())
 	}

daemon/internel/apiserver/handlers/handler_reboot.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) PostReboot(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostReboot(ctx *fiber.Ctx, cmd commands.Interface) error {
 	_, err := cmd.Execute(ctx.Context(), nil)
 	if err != nil {
 		klog.Error("execute command error, ", err, ", ", cmd.OperationName().Stirng())

daemon/internel/apiserver/handlers/handler_shutdown.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) PostShutdown(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostShutdown(ctx *fiber.Ctx, cmd commands.Interface) error {
 	_, err := cmd.Execute(ctx.Context(), nil)
 	if err != nil {
 		klog.Error("execute command error, ", err, ", ", cmd.OperationName().Stirng())

daemon/internel/apiserver/handlers/handler_terminus_init.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -16,7 +16,7 @@ type TerminusInitReq struct {
 	Domain   string `json:"domain"`
 }
 
-func (h *handlers) PostTerminusInit(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostTerminusInit(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req TerminusInitReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_terminus_state.go

@@ -1,10 +1,10 @@
-package apiserver
+package handlers
 
 import (
 	"github.com/beclab/Olares/daemon/pkg/cluster/state"
 	"github.com/gofiber/fiber/v2"
 )
 
-func (h *handlers) GetTerminusState(ctx *fiber.Ctx) error {
+func (h *Handlers) GetTerminusState(ctx *fiber.Ctx) error {
 	return h.OkJSON(ctx, "success", state.CurrentState)
 }

daemon/internel/apiserver/handlers/handler_terminus_uninstall.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"k8s.io/klog/v2"
 )
 
-func (h *handlers) PostTerminusUninstall(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostTerminusUninstall(ctx *fiber.Ctx, cmd commands.Interface) error {
 	// run in background
 	_, err := cmd.Execute(h.mainCtx, nil)
 

daemon/internel/apiserver/handlers/handler_umount_smb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -13,7 +13,7 @@ type UmountSmbReq struct {
 	Path string ``
 }
 
-func (h *handlers) umountSmbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathInNode string) error {
+func (h *Handlers) umountSmbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathInNode string) error {
 	_, err := cmd.Execute(ctx.Context(), &umountsmb.Param{
 		MountPath: pathInNode,
 	})
@@ -25,7 +25,7 @@ func (h *handlers) umountSmbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathI
 	return h.OkJSON(ctx, "success to umount")
 }
 
-func (h *handlers) PostUmountSmb(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostUmountSmb(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UmountSmbReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)
@@ -38,7 +38,7 @@ func (h *handlers) PostUmountSmb(ctx *fiber.Ctx, cmd commands.Interface) error {
 	return h.umountSmbInNode(ctx, cmd, req.Path)
 }
 
-func (h *handlers) PostUmountSmbInCluster(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostUmountSmbInCluster(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UmountSmbReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handler_umount_usb.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -13,7 +13,7 @@ type UmountReq struct {
 	Path string ``
 }
 
-func (h *handlers) umountUsbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathInNode string) error {
+func (h *Handlers) umountUsbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathInNode string) error {
 	_, err := cmd.Execute(ctx.Context(), &umountusb.Param{
 		Path: pathInNode,
 	})
@@ -25,7 +25,7 @@ func (h *handlers) umountUsbInNode(ctx *fiber.Ctx, cmd commands.Interface, pathI
 	return h.OkJSON(ctx, "success to umount")
 }
 
-func (h *handlers) PostUmountUsb(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostUmountUsb(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UmountReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)
@@ -38,7 +38,7 @@ func (h *handlers) PostUmountUsb(ctx *fiber.Ctx, cmd commands.Interface) error {
 	return h.umountUsbInNode(ctx, cmd, req.Path)
 }
 
-func (h *handlers) PostUmountUsbInCluster(ctx *fiber.Ctx, cmd commands.Interface) error {
+func (h *Handlers) PostUmountUsbInCluster(ctx *fiber.Ctx, cmd commands.Interface) error {
 	var req UmountReq
 	if err := h.ParseBody(ctx, &req); err != nil {
 		klog.Error("parse request error, ", err)

daemon/internel/apiserver/handlers/handlers.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"context"
@@ -10,12 +10,19 @@ import (
 	"github.com/gofiber/fiber/v2"
 )
 
-type handlers struct {
+type Handlers struct {
 	mainCtx context.Context
-	apList  []ble.AccessPoint
+	ApList  []ble.AccessPoint
 }
 
-func (h *handlers) ParseBody(ctx *fiber.Ctx, value any) error {
+var handlers *Handlers = &Handlers{}
+
+func NewHandlers(ctx context.Context) *Handlers {
+	handlers.mainCtx = ctx
+	return handlers
+}
+
+func (h *Handlers) ParseBody(ctx *fiber.Ctx, value any) error {
 	err := ctx.BodyParser(value)
 
 	if err != nil {
@@ -35,7 +42,7 @@ func (h *handlers) ParseBody(ctx *fiber.Ctx, value any) error {
 	return nil
 }
 
-func (h *handlers) ErrJSON(ctx *fiber.Ctx, code int, message string, data ...interface{}) error {
+func (h *Handlers) ErrJSON(ctx *fiber.Ctx, code int, message string, data ...interface{}) error {
 	switch len(data) {
 	case 0:
 		return ctx.Status(code).JSON(fiber.Map{
@@ -58,10 +65,10 @@ func (h *handlers) ErrJSON(ctx *fiber.Ctx, code int, message string, data ...int
 
 }
 
-func (h *handlers) OkJSON(ctx *fiber.Ctx, message string, data ...interface{}) error {
+func (h *Handlers) OkJSON(ctx *fiber.Ctx, message string, data ...interface{}) error {
 	return h.ErrJSON(ctx, http.StatusOK, message, data...)
 }
 
-func (h *handlers) NeedChoiceJSON(ctx *fiber.Ctx, message string, data ...interface{}) error {
+func (h *Handlers) NeedChoiceJSON(ctx *fiber.Ctx, message string, data ...interface{}) error {
 	return h.ErrJSON(ctx, http.StatusMultipleChoices, message, data...)
 }

daemon/internel/apiserver/handlers/in_cluster.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"path/filepath"

daemon/internel/apiserver/handlers/middlewares.go

@@ -1,4 +1,4 @@
-package apiserver
+package handlers
 
 import (
 	"net/http"
@@ -13,7 +13,7 @@ const (
 	SIGNATURE_HEADER = "X-Signature"
 )
 
-func (h *handlers) WaitServerRunning(next func(ctx *fiber.Ctx) error) func(ctx *fiber.Ctx) error {
+func (h *Handlers) WaitServerRunning(next func(ctx *fiber.Ctx) error) func(ctx *fiber.Ctx) error {
 	return func(ctx *fiber.Ctx) error {
 		if state.CurrentState.TerminusdState != state.Running {
 			return h.ErrJSON(ctx, http.StatusForbidden, "server is not running, please wait and retry again later")
@@ -23,7 +23,7 @@ func (h *handlers) WaitServerRunning(next func(ctx *fiber.Ctx) error) func(ctx *
 	}
 }
 
-func (h *handlers) RequireSignature(next func(ctx *fiber.Ctx) error) func(ctx *fiber.Ctx) error {
+func (h *Handlers) RequireSignature(next func(ctx *fiber.Ctx) error) func(ctx *fiber.Ctx) error {
 	return func(ctx *fiber.Ctx) error {
 		headers := ctx.GetReqHeaders()
 		signature, ok := headers[SIGNATURE_HEADER]
@@ -42,7 +42,7 @@ func (h *handlers) RequireSignature(next func(ctx *fiber.Ctx) error) func(ctx *f
 	}
 }
 
-func (h *handlers) RunCommand(next func(ctx *fiber.Ctx, cmd commands.Interface) error,
+func (h *Handlers) RunCommand(next func(ctx *fiber.Ctx, cmd commands.Interface) error,
 	cmdNew func() commands.Interface) func(ctx *fiber.Ctx) error {
 
 	return func(ctx *fiber.Ctx) error {

daemon/internel/apiserver/handlers/system_group.go

@@ -0,0 +1,25 @@
+package handlers
+
+import (
+	"github.com/beclab/Olares/daemon/internel/apiserver/server"
+	"k8s.io/klog/v2"
+)
+
+func init() {
+	s := server.API
+	system := s.App.Group("system")
+	system.Get("/status", handlers.RequireSignature(handlers.GetTerminusState))
+	system.Get("/ifs", handlers.RequireSignature(handlers.GetNetIfs))
+	system.Get("/hosts-file", handlers.RequireSignature(handlers.GetHostsfile))
+	system.Post("/hosts-file", handlers.RequireSignature(handlers.PostHostsfile))
+	system.Get("/mounted-usb", handlers.RequireSignature(handlers.GetMountedUsb))
+	system.Get("/mounted-hdd", handlers.RequireSignature(handlers.GetMountedHdd))
+	system.Get("/mounted-smb", handlers.RequireSignature(handlers.GetMountedSmb))
+	system.Get("/mounted-path", handlers.RequireSignature(handlers.GetMountedPath))
+	system.Get("/mounted-usb-incluster", handlers.RequireSignature(handlers.GetMountedUsbInCluster))
+	system.Get("/mounted-hdd-incluster", handlers.RequireSignature(handlers.GetMountedHddInCluster))
+	system.Get("/mounted-smb-incluster", handlers.RequireSignature(handlers.GetMountedSmbInCluster))
+	system.Get("/mounted-path-incluster", handlers.RequireSignature(handlers.GetMountedPathInCluster))
+
+	klog.Info("system handlers initialized")
+}

daemon/internel/apiserver/server.go

@@ -2,146 +2,26 @@ package apiserver
 
 import (
 	"context"
-	"fmt"
 
+	"github.com/beclab/Olares/daemon/internel/apiserver/handlers"
+	"github.com/beclab/Olares/daemon/internel/apiserver/server"
 	"github.com/beclab/Olares/daemon/internel/ble"
-	changehost "github.com/beclab/Olares/daemon/pkg/commands/change_host"
-	collectlogs "github.com/beclab/Olares/daemon/pkg/commands/collect_logs"
-	connectwifi "github.com/beclab/Olares/daemon/pkg/commands/connect_wifi"
-	"github.com/beclab/Olares/daemon/pkg/commands/install"
-	mountsmb "github.com/beclab/Olares/daemon/pkg/commands/mount_smb"
-	"github.com/beclab/Olares/daemon/pkg/commands/reboot"
-	"github.com/beclab/Olares/daemon/pkg/commands/shutdown"
-	umountsmb "github.com/beclab/Olares/daemon/pkg/commands/umount_smb"
-	umountusb "github.com/beclab/Olares/daemon/pkg/commands/umount_usb"
-	"github.com/beclab/Olares/daemon/pkg/commands/uninstall"
-	"github.com/beclab/Olares/daemon/pkg/commands/upgrade"
-	"github.com/gofiber/fiber/v2"
 	"github.com/gofiber/fiber/v2/middleware/cors"
 	"github.com/gofiber/fiber/v2/middleware/logger"
-	"k8s.io/klog/v2"
 )
 
-type server struct {
-	handlers *handlers
-	port     int
-	app      *fiber.App
-}
+func NewServer(ctx context.Context, port int) *server.Server {
+	server.API.Port = port
+	h := handlers.NewHandlers(ctx)
 
-func NewServer(ctx context.Context, port int) (*server, error) {
-	return &server{handlers: &handlers{mainCtx: ctx}, port: port}, nil
-}
-
-func (s *server) Start() error {
-	app := fiber.New()
-	s.app = app
-
-	app.Use(cors.New())
-	app.Use(logger.New())
-
-	cmd := app.Group("command")
-	cmd.Post("/install", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostTerminusInit, install.New))))
-
-	cmd.Post("/uninstall", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostTerminusUninstall, uninstall.New))))
-
-	cmd.Post("/upgrade", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.RequestOlaresUpgrade, upgrade.NewCreateUpgradeTarget))))
-
-	cmd.Delete("/upgrade", s.handlers.RequireSignature(
-		s.handlers.RunCommand(s.handlers.CancelOlaresUpgrade, upgrade.NewRemoveUpgradeTarget)))
-
-	cmd.Post("/reboot", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostReboot, reboot.New))))
-
-	cmd.Post("/shutdown", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostShutdown, shutdown.New))))
-
-	cmd.Post("/connect-wifi", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostConnectWifi, connectwifi.New))))
-
-	cmd.Post("/change-host", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostChangeHost, changehost.New))))
-
-	cmd.Post("/umount-usb", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostUmountUsb, umountusb.New))))
-
-	cmd.Post("/umount-usb-incluster", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostUmountUsbInCluster, umountusb.New))))
-
-	cmd.Post("/collect-logs", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostCollectLogs, collectlogs.New))))
-
-	cmd.Post("/mount-samba", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostMountSambaDriver, mountsmb.New))))
-
-	cmd.Post("/umount-samba", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostUmountSmb, umountsmb.New))))
-
-	cmd.Post("/umount-samba-incluster", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostUmountSmbInCluster, umountsmb.New))))
-
-	cmdv2 := cmd.Group("v2")
-	cmdv2.Post("/mount-samba", s.handlers.RequireSignature(
-		s.handlers.WaitServerRunning(
-			s.handlers.RunCommand(s.handlers.PostMountSambaDriverV2, mountsmb.New))))
-
-	system := app.Group("system")
-	system.Get("/status", s.handlers.RequireSignature(s.handlers.GetTerminusState))
-	system.Get("/ifs", s.handlers.RequireSignature(s.handlers.GetNetIfs))
-	system.Get("/hosts-file", s.handlers.RequireSignature(s.handlers.GetHostsfile))
-	system.Post("/hosts-file", s.handlers.RequireSignature(s.handlers.PostHostsfile))
-	system.Get("/mounted-usb", s.handlers.RequireSignature(s.handlers.GetMountedUsb))
-	system.Get("/mounted-hdd", s.handlers.RequireSignature(s.handlers.GetMountedHdd))
-	system.Get("/mounted-smb", s.handlers.RequireSignature(s.handlers.GetMountedSmb))
-	system.Get("/mounted-path", s.handlers.RequireSignature(s.handlers.GetMountedPath))
-	system.Get("/mounted-usb-incluster", s.handlers.RequireSignature(s.handlers.GetMountedUsbInCluster))
-	system.Get("/mounted-hdd-incluster", s.handlers.RequireSignature(s.handlers.GetMountedHddInCluster))
-	system.Get("/mounted-smb-incluster", s.handlers.RequireSignature(s.handlers.GetMountedSmbInCluster))
-	system.Get("/mounted-path-incluster", s.handlers.RequireSignature(s.handlers.GetMountedPathInCluster))
-
-	containerd := app.Group("containerd")
-	containerd.Get("/registries", s.handlers.RequireSignature(s.handlers.ListRegistries))
-
-	registry := containerd.Group("registry")
-	mirrors := registry.Group("mirrors")
-
-	mirrors.Get("/", s.handlers.RequireSignature(s.handlers.GetRegistryMirrors))
-	mirrors.Get("/:registry", s.handlers.RequireSignature(s.handlers.GetRegistryMirror))
-	mirrors.Put("/:registry", s.handlers.RequireSignature(s.handlers.UpdateRegistryMirror))
-	mirrors.Delete("/:registry", s.handlers.RequireSignature(s.handlers.DeleteRegistryMirror))
-
-	image := containerd.Group("images")
-
-	image.Get("/", s.handlers.RequireSignature(s.handlers.ListImages))
-	image.Delete("/:image", s.handlers.RequireSignature(s.handlers.DeleteImage))
-	image.Post("/prune", s.handlers.RequireSignature(s.handlers.PruneImages))
-
-	return app.Listen(fmt.Sprintf(":%d", s.port))
-}
-
-func (s *server) Shutdown() error {
-	klog.Info("shutdown api server")
-	if s.app == nil {
-		return nil
+	server.API.UpdateAps = func(aplist []ble.AccessPoint) {
+		h.ApList = aplist
 	}
-	return s.app.Shutdown()
-}
 
-func (s *server) UpdateAps(aplist []ble.AccessPoint) {
-	s.handlers.apList = aplist
+	s := server.API
+
+	s.App.Use(cors.New())
+	s.App.Use(logger.New())
+
+	return s
 }

daemon/internel/apiserver/server/api.go

@@ -0,0 +1,31 @@
+package server
+
+import (
+	"fmt"
+
+	"github.com/beclab/Olares/daemon/internel/ble"
+	"github.com/gofiber/fiber/v2"
+	"k8s.io/klog/v2"
+)
+
+type Server struct {
+	Port      int
+	App       *fiber.App
+	UpdateAps func(aplist []ble.AccessPoint)
+}
+
+var API *Server = &Server{
+	App: fiber.New(),
+}
+
+func (s *Server) Start() error {
+	return s.App.Listen(fmt.Sprintf(":%d", s.Port))
+}
+
+func (s *Server) Shutdown() error {
+	klog.Info("shutdown api server")
+	if s.App == nil {
+		return nil
+	}
+	return s.App.Shutdown()
+}

framework/app-service/.olares/config/cluster/deploy/appservice_deploy.yaml

@@ -163,7 +163,7 @@ spec:
       priorityClassName: "system-cluster-critical"
       containers:
       - name: app-service
-        image: beclab/app-service:0.3.50
+        image: beclab/app-service:0.3.52
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 0

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_clusterworkflowtemplates.yaml

@@ -1,38 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: clusterworkflowtemplates.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: ClusterWorkflowTemplate
-    listKind: ClusterWorkflowTemplateList
-    plural: clusterworkflowtemplates
-    shortNames:
-    - clusterwftmpl
-    - cwft
-    singular: clusterworkflowtemplate
-  scope: Cluster
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_cronworkflows.yaml

@@ -1,42 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: cronworkflows.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: CronWorkflow
-    listKind: CronWorkflowList
-    plural: cronworkflows
-    shortNames:
-    - cwf
-    - cronwf
-    singular: cronworkflow
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflowartifactgctasks.yaml

@@ -1,43 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowartifactgctasks.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowArtifactGCTask
-    listKind: WorkflowArtifactGCTaskList
-    plural: workflowartifactgctasks
-    shortNames:
-      - wfat
-    singular: workflowartifactgctask
-  scope: Namespaced
-  versions:
-    - name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          properties:
-            apiVersion:
-              type: string
-            kind:
-              type: string
-            metadata:
-              type: object
-            spec:
-              type: object
-              x-kubernetes-map-type: atomic
-              x-kubernetes-preserve-unknown-fields: true
-            status:
-              type: object
-              x-kubernetes-map-type: atomic
-              x-kubernetes-preserve-unknown-fields: true
-          required:
-            - metadata
-            - spec
-          type: object
-      served: true
-      storage: true
-      subresources:
-        status: {}

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workfloweventbindings.yaml

@@ -1,37 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workfloweventbindings.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowEventBinding
-    listKind: WorkflowEventBindingList
-    plural: workfloweventbindings
-    shortNames:
-    - wfeb
-    singular: workfloweventbinding
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflows.yaml

@@ -1,57 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflows.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: Workflow
-    listKind: WorkflowList
-    plural: workflows
-    shortNames:
-    - wf
-    singular: workflow
-  scope: Namespaced
-  versions:
-  - additionalPrinterColumns:
-    - description: Status of the workflow
-      jsonPath: .status.phase
-      name: Status
-      type: string
-    - description: When the workflow was started
-      format: date-time
-      jsonPath: .status.startedAt
-      name: Age
-      type: date
-    - description: Human readable message indicating details about why the workflow
-        is in this condition.
-      jsonPath: .status.message
-      name: Message
-      type: string
-    name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources: {}

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflowtaskresults.yaml

@@ -1,599 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtaskresults.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowTaskResult
-    listKind: WorkflowTaskResultList
-    plural: workflowtaskresults
-    singular: workflowtaskresult
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          message:
-            type: string
-          metadata:
-            type: object
-          outputs:
-            properties:
-              artifacts:
-                items:
-                  properties:
-                    archive:
-                      properties:
-                        none:
-                          type: object
-                        tar:
-                          properties:
-                            compressionLevel:
-                              format: int32
-                              type: integer
-                          type: object
-                        zip:
-                          type: object
-                      type: object
-                    archiveLogs:
-                      type: boolean
-                    artifactGC:
-                      properties:
-                        podMetadata:
-                          properties:
-                            annotations:
-                              additionalProperties:
-                                type: string
-                              type: object
-                            labels:
-                              additionalProperties:
-                                type: string
-                              type: object
-                          type: object
-                        serviceAccountName:
-                          type: string
-                        strategy:
-                          enum:
-                          - ""
-                          - OnWorkflowCompletion
-                          - OnWorkflowDeletion
-                          - Never
-                          type: string
-                      type: object
-                    artifactory:
-                      properties:
-                        passwordSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        url:
-                          type: string
-                        usernameSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                      required:
-                      - url
-                      type: object
-                    azure:
-                      properties:
-                        accountKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        blob:
-                          type: string
-                        container:
-                          type: string
-                        endpoint:
-                          type: string
-                        useSDKCreds:
-                          type: boolean
-                      required:
-                      - blob
-                      - container
-                      - endpoint
-                      type: object
-                    deleted:
-                      type: boolean
-                    from:
-                      type: string
-                    fromExpression:
-                      type: string
-                    gcs:
-                      properties:
-                        bucket:
-                          type: string
-                        key:
-                          type: string
-                        serviceAccountKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                      required:
-                      - key
-                      type: object
-                    git:
-                      properties:
-                        branch:
-                          type: string
-                        depth:
-                          format: int64
-                          type: integer
-                        disableSubmodules:
-                          type: boolean
-                        fetch:
-                          items:
-                            type: string
-                          type: array
-                        insecureIgnoreHostKey:
-                          type: boolean
-                        passwordSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        repo:
-                          type: string
-                        revision:
-                          type: string
-                        singleBranch:
-                          type: boolean
-                        sshPrivateKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        usernameSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                      required:
-                      - repo
-                      type: object
-                    globalName:
-                      type: string
-                    hdfs:
-                      properties:
-                        addresses:
-                          items:
-                            type: string
-                          type: array
-                        force:
-                          type: boolean
-                        hdfsUser:
-                          type: string
-                        krbCCacheSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        krbConfigConfigMap:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        krbKeytabSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        krbRealm:
-                          type: string
-                        krbServicePrincipalName:
-                          type: string
-                        krbUsername:
-                          type: string
-                        path:
-                          type: string
-                      required:
-                      - path
-                      type: object
-                    http:
-                      properties:
-                        auth:
-                          properties:
-                            basicAuth:
-                              properties:
-                                passwordSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                usernameSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                            clientCert:
-                              properties:
-                                clientCertSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                clientKeySecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                            oauth2:
-                              properties:
-                                clientIDSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                clientSecretSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                                endpointParams:
-                                  items:
-                                    properties:
-                                      key:
-                                        type: string
-                                      value:
-                                        type: string
-                                    required:
-                                    - key
-                                    type: object
-                                  type: array
-                                scopes:
-                                  items:
-                                    type: string
-                                  type: array
-                                tokenURLSecret:
-                                  properties:
-                                    key:
-                                      type: string
-                                    name:
-                                      type: string
-                                    optional:
-                                      type: boolean
-                                  required:
-                                  - key
-                                  type: object
-                              type: object
-                          type: object
-                        headers:
-                          items:
-                            properties:
-                              name:
-                                type: string
-                              value:
-                                type: string
-                            required:
-                            - name
-                            - value
-                            type: object
-                          type: array
-                        url:
-                          type: string
-                      required:
-                      - url
-                      type: object
-                    mode:
-                      format: int32
-                      type: integer
-                    name:
-                      type: string
-                    optional:
-                      type: boolean
-                    oss:
-                      properties:
-                        accessKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        bucket:
-                          type: string
-                        createBucketIfNotPresent:
-                          type: boolean
-                        endpoint:
-                          type: string
-                        key:
-                          type: string
-                        lifecycleRule:
-                          properties:
-                            markDeletionAfterDays:
-                              format: int32
-                              type: integer
-                            markInfrequentAccessAfterDays:
-                              format: int32
-                              type: integer
-                          type: object
-                        secretKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        securityToken:
-                          type: string
-                        useSDKCreds:
-                          type: boolean
-                      required:
-                      - key
-                      type: object
-                    path:
-                      type: string
-                    raw:
-                      properties:
-                        data:
-                          type: string
-                      required:
-                      - data
-                      type: object
-                    recurseMode:
-                      type: boolean
-                    s3:
-                      properties:
-                        accessKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        bucket:
-                          type: string
-                        caSecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        createBucketIfNotPresent:
-                          properties:
-                            objectLocking:
-                              type: boolean
-                          type: object
-                        encryptionOptions:
-                          properties:
-                            enableEncryption:
-                              type: boolean
-                            kmsEncryptionContext:
-                              type: string
-                            kmsKeyId:
-                              type: string
-                            serverSideCustomerKeySecret:
-                              properties:
-                                key:
-                                  type: string
-                                name:
-                                  type: string
-                                optional:
-                                  type: boolean
-                              required:
-                              - key
-                              type: object
-                          type: object
-                        endpoint:
-                          type: string
-                        insecure:
-                          type: boolean
-                        key:
-                          type: string
-                        region:
-                          type: string
-                        roleARN:
-                          type: string
-                        secretKeySecret:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        useSDKCreds:
-                          type: boolean
-                      type: object
-                    subPath:
-                      type: string
-                  required:
-                  - name
-                  type: object
-                type: array
-              exitCode:
-                type: string
-              parameters:
-                items:
-                  properties:
-                    default:
-                      type: string
-                    description:
-                      type: string
-                    enum:
-                      items:
-                        type: string
-                      type: array
-                    globalName:
-                      type: string
-                    name:
-                      type: string
-                    value:
-                      type: string
-                    valueFrom:
-                      properties:
-                        configMapKeyRef:
-                          properties:
-                            key:
-                              type: string
-                            name:
-                              type: string
-                            optional:
-                              type: boolean
-                          required:
-                          - key
-                          type: object
-                        default:
-                          type: string
-                        event:
-                          type: string
-                        expression:
-                          type: string
-                        jqFilter:
-                          type: string
-                        jsonPath:
-                          type: string
-                        parameter:
-                          type: string
-                        path:
-                          type: string
-                        supplied:
-                          type: object
-                      type: object
-                  required:
-                  - name
-                  type: object
-                type: array
-              result:
-                type: string
-            type: object
-          phase:
-            type: string
-          progress:
-            type: string
-        required:
-        - metadata
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflowtasksets.yaml

@@ -1,43 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtasksets.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowTaskSet
-    listKind: WorkflowTaskSetList
-    plural: workflowtasksets
-    shortNames:
-    - wfts
-    singular: workflowtaskset
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-          status:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}

framework/argo-workflow/.olares/config/cluster/crds/argoproj.io_workflowtemplates.yaml

@@ -1,37 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: workflowtemplates.argoproj.io
-  annotations:
-    "helm.sh/resource-policy": keep
-spec:
-  group: argoproj.io
-  names:
-    kind: WorkflowTemplate
-    listKind: WorkflowTemplateList
-    plural: workflowtemplates
-    shortNames:
-    - wftmpl
-    singular: workflowtemplate
-  scope: Namespaced
-  versions:
-  - name: v1alpha1
-    schema:
-      openAPIV3Schema:
-        properties:
-          apiVersion:
-            type: string
-          kind:
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-            x-kubernetes-map-type: atomic
-            x-kubernetes-preserve-unknown-fields: true
-        required:
-        - metadata
-        - spec
-        type: object
-    served: true
-    storage: true

framework/argo-workflow/.olares/config/cluster/deploy/argo-task.yaml

@@ -1,67 +0,0 @@
-{{- $namespace := printf "%s" "os-framework" -}}
-{{- $rss_secret := (lookup "v1" "Secret" $namespace "rss-secrets") -}}
-{{- $password := "" -}}
-{{ if $rss_secret -}}
-{{ $password = (index $rss_secret "data" "pg_password") }}
-{{ else -}}
-{{ $password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password := "" -}}
-{{ if $rss_secret -}}
-{{ $redis_password = (index $rss_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-
-{{- $redis_password_data := "" -}}
-{{ $redis_password_data = $redis_password | b64dec }}
-
-{{- $pg_password_data := "" -}}
-{{ $pg_password_data = $password | b64dec }}
-
-{{- $pg_user :=  printf "%s" "argo_os_framework" -}}
-{{- $pg_user = $pg_user | b64enc -}}
-
----
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rss-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  pg_user: {{ $pg_user }}
-  pg_password: {{ $password }}
-  redis_password: {{ $redis_password }}
-
----
-
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: rss-pg
-  namespace: {{ .Release.Namespace }}
-spec:
-  app: rss
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: argo_os_framework
-    password: 
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: rss-secrets
-    databases:
-    - name: rss
-    - name: rss_v1
-    - name: argo
-
-
-
-
-
-    

framework/argo-workflow/.olares/config/cluster/deploy/server-cluster-roles.yaml

@@ -1,94 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflows
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - events
-  verbs:
-  - get
-  - watch
-  - list
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - get
-  - list
-  - watch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - pods/log
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - watch
-  - create
-  - patch
-- apiGroups:
-    - argoproj.io
-  resources:
-    - eventsources
-    - sensors
-    - workflows
-    - workfloweventbindings
-    - workflowtemplates
-    - cronworkflows
-  verbs:
-    - create
-    - get
-    - list
-    - watch
-    - update
-    - patch
-    - delete
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflows-cluster-template
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - clusterworkflowtemplates
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete

framework/argo-workflow/.olares/config/cluster/deploy/server-crb.yaml

@@ -1,26 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:argoworkflows
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argoworkflows
-subjects:
-  - kind: ServiceAccount
-    name: argoworkflows
-    namespace: {{ .Release.Namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:argoworkflows-cluster-template
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argoworkflows-cluster-template
-subjects:
-  - kind: ServiceAccount
-    name: argoworkflows
-    namespace: {{ .Release.Namespace }}

framework/argo-workflow/.olares/config/cluster/deploy/server-deployment.yaml

@@ -1,86 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argoworkflows
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: argoworkflows
-    applications.app.bytetrade.io/author: bytetrade.io
-    app.kubernetes.io/managed-by: Helm
-  annotations:
-    applications.app.bytetrade.io/icon: https://argoproj.github.io/argo-workflows/assets/logo.png
-    applications.app.bytetrade.io/title: argoworkflows
-    applications.app.bytetrade.io/version: '0.35.0'
-spec:
-  selector:
-    matchLabels:
-      app: argoworkflows
-  template:
-    metadata:
-      labels:
-        app: argoworkflows
-    spec:
-      serviceAccountName: argoworkflows
-      containers:
-        - name: argo-server
-          image: quay.io/argoproj/argocli:v3.5.0
-          imagePullPolicy: IfNotPresent
-          securityContext:
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-          args:
-            - server
-            - --configmap=argoworkflow-workflow-controller-configmap
-            - "--auth-mode=server"
-            - "--secure=false"
-            - "--x-frame-options="
-            - "--loglevel"
-            - "debug"
-            - "--gloglevel"
-            - "0"
-            - "--log-format"
-            - "text"
-          ports:
-            - name: web
-              containerPort: 2746
-          readinessProbe:
-            httpGet:
-              path: /
-              port: 2746
-              scheme: HTTP
-            initialDelaySeconds: 10
-            periodSeconds: 20
-          env:
-            - name: IN_CLUSTER
-              value: "true"
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: BASE_HREF
-              value: /
-          volumeMounts:
-            - name: tmp
-              mountPath: /tmp
-        
-      volumes:
-        - name: tmp
-          emptyDir: {}
-      nodeSelector:
-        kubernetes.io/os: linux
-      tolerations:
-        - key: node.kubernetes.io/not-ready
-          operator: Exists
-          effect: NoExecute
-          tolerationSeconds: 300
-        - key: node.kubernetes.io/unreachable
-          operator: Exists
-          effect: NoExecute
-          tolerationSeconds: 300
-      
-

framework/argo-workflow/.olares/config/cluster/deploy/server-sa.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: argoworkflows
-  namespace: {{ .Release.Namespace }}
-  

framework/argo-workflow/.olares/config/cluster/deploy/server-service.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: argoworkflows-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  ports:
-  - port: 2746
-    name: http
-    protocol: TCP
-    targetPort: 2746
-  selector:
-    app: argoworkflows
-  sessionAffinity: None
-  type: ClusterIP
-  

framework/argo-workflow/.olares/config/cluster/deploy/workflow-aggregate-roles.yaml

@@ -1,105 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-view
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: workflow-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workfloweventbindings
-  - workfloweventbindings/finalizers
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  - cronworkflows
-  - cronworkflows/finalizers
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - get
-  - list
-  - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-edit
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workfloweventbindings
-  - workfloweventbindings/finalizers
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  - cronworkflows
-  - cronworkflows/finalizers
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - update
-  - watch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-admin
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-server
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: server
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workfloweventbindings
-  - workfloweventbindings/finalizers
-  - workflowtasksets
-  - workflowtasksets/finalizers
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  - cronworkflows
-  - cronworkflows/finalizers
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - create
-  - delete
-  - deletecollection
-  - get
-  - list
-  - patch
-  - update
-  - watch

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-cluster-roles.yaml

@@ -1,178 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-workflow-controller
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: workflow-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - pods/exec
-  verbs:
-  - create
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - persistentvolumeclaims
-  - persistentvolumeclaims/finalizers
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflows
-  - workflows/finalizers
-  - workflowtasksets
-  - workflowtasksets/finalizers
-  - workflowartifactgctasks
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-  - create
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflowtemplates
-  - workflowtemplates/finalizers
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - argoproj.io
-  resources:
-  - workflowtaskresults
-  - workflowtaskresults/finalizers
-  verbs:
-  - list
-  - watch
-  - deletecollection
-- apiGroups:
-  - argoproj.io
-  resources:
-  - cronworkflows
-  - cronworkflows/finalizers
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-  - list
-- apiGroups:
-  - "policy"
-  resources:
-  - poddisruptionbudgets
-  verbs:
-  - create
-  - get
-  - delete
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  resourceNames:
-  - workflow-controller
-  - workflow-controller-lease
-  verbs:
-  - create
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  resourceNames:
-  - rss-secrets
-  - argo-workflows-agent-ca-certificates
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: argoworkflow-workflow-controller-cluster-template
-  labels:
-    helm.sh/chart: argoworkflows-0.35.0
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/instance: rss
-    app.kubernetes.io/component: workflow-controller
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/part-of: argo-workflows
-rules:
-- apiGroups:
-  - argoproj.io
-  resources:
-  - clusterworkflowtemplates
-  - clusterworkflowtemplates/finalizers
-  verbs:
-  - get
-  - list
-  - watch

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-config-map.yaml

@@ -1,40 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argoworkflow-workflow-controller-configmap
-  namespace: {{ .Release.Namespace }}
-data:
-  config: |
-    instanceID: {{ .Release.Namespace }}
-    artifactRepository:
-      archiveLogs: true
-      s3:
-        accessKeySecret:
-          key: AWS_ACCESS_KEY_ID
-          name: argo-workflow-log-fakes3
-        secretKeySecret:
-          key: AWS_SECRET_ACCESS_KEY
-          name: argo-workflow-log-fakes3
-        bucket: mongo-backup
-        endpoint: tapr-s3-svc:4568
-        insecure: true
-    persistence:
-      connectionPool:
-        maxIdleConns: 5
-        maxOpenConns: 0
-      archive: true
-      archiveTTL: 5d
-      postgresql:
-        host: citus-headless.os-platform
-        port: 5432
-        database: os_framework_argo
-        tableName: argo_workflows
-        userNameSecret:
-          name: rss-secrets
-          key: pg_user
-        passwordSecret:
-          name: rss-secrets
-          key: pg_password
-    nodeEvents:
-      enabled: true
-

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-crb.yaml

@@ -1,27 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:argoworkflow-workflow-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argoworkflow-workflow-controller
-subjects:
-  - kind: ServiceAccount
-    name: argoworkflow-workflow-controller
-    namespace: {{ .Release.Namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Release.Namespace }}:argoworkflow-workflow-controller-cluster-template
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argoworkflow-workflow-controller-cluster-template
-subjects:
-  - kind: ServiceAccount
-    name: argoworkflow-workflow-controller
-    namespace: {{ .Release.Namespace }}
-

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-deployment.yaml

@@ -1,90 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argoworkflow-workflow-controller
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/component: workflow-controller
-    applications.app.bytetrade.io/author: bytetrade.io
-    app.kubernetes.io/instance: argo
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: argoworkflows-workflow-controller
-    app.kubernetes.io/part-of: argo-workflows
-    app.kubernetes.io/version: v3.5.0
-    helm.sh/chart: argoworkflows-0.35.0
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: argo
-      app.kubernetes.io/name: argoworkflows-workflow-controller
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/component: workflow-controller
-        app.kubernetes.io/instance: argo
-        app.kubernetes.io/managed-by: Helm
-        app.kubernetes.io/name: argoworkflows-workflow-controller
-        app.kubernetes.io/part-of: argo-workflows
-        app.kubernetes.io/version: v3.5.0
-        helm.sh/chart: argoworkflows-0.35.0
-    spec:
-      serviceAccountName: argoworkflow-workflow-controller
-      serviceAccount: argoworkflow-workflow-controller
-      schedulerName: default-scheduler
-      containers:
-        - name: controller
-          image: quay.io/argoproj/workflow-controller:v3.5.0
-          imagePullPolicy: IfNotPresent
-          command: [ "workflow-controller" ]
-          args:
-          - "--configmap"
-          - "argoworkflow-workflow-controller-configmap"
-          - "--executor-image"
-          - "quay.io/argoproj/argoexec:v3.5.0"
-          - "--loglevel"
-          - "debug"
-          - "--gloglevel"
-          - "0"
-          - "--log-format"
-          - "text"
-          securityContext:
-            capabilities:
-              drop:
-                - ALL
-            runAsNonRoot: true
-            readOnlyRootFilesystem: true
-            allowPrivilegeEscalation: false
-          env:
-            - name: ARGO_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.namespace
-            - name: LEADER_ELECTION_IDENTITY
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: metadata.name
-          
-          ports:
-            - name: metrics
-              containerPort: 9090
-              protocol: TCP
-            - containerPort: 6060
-              protocol: TCP
-          livenessProbe: 
-            httpGet:
-              path: /healthz
-              port: 6060
-              scheme: HTTP
-            initialDelaySeconds: 90
-            timeoutSeconds: 30
-            periodSeconds: 60
-            successThreshold: 1
-            failureThreshold: 3
-
-      nodeSelector:
-        kubernetes.io/os: linux
-      
-     

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-sa.yaml

@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: argoworkflow-workflow-controller
-  namespace: {{ .Release.Namespace }}

framework/argo-workflow/.olares/config/cluster/deploy/workflow-controller-secrets.yaml

@@ -1,41 +0,0 @@
-
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: argo-workflow-log-fakes3
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-stringData:
-  AWS_ACCESS_KEY_ID: S3RVER
-  AWS_SECRET_ACCESS_KEY: S3RVER
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: workflow-role
-  namespace: {{ .Release.Namespace }}
-rules:
-- apiGroups:
-  - "*"
-  resources:
-  - pods
-  verbs:
-  - patch
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: workflow-rolebinding
-  namespace: {{ .Release.Namespace }}
-subjects:
-  - kind: ServiceAccount
-    namespace: {{ .Release.Namespace }}
-    name: default
-roleRef:
-  kind: Role
-  name: workflow-role
-  apiGroup: rbac.authorization.k8s.io

framework/argo-workflow/.olares/config/cluster/deploy/workflow-rb.yaml

@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: argoworkflow-workflow
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: argoworkflow-workflow
-subjects:
-  - kind: ServiceAccount
-    name: argo-workflow
-    namespace: {{ .Release.Namespace }}

framework/argo-workflow/.olares/config/cluster/deploy/workflow-role.yaml

@@ -1,49 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: argoworkflow-workflow
-  namespace: {{ .Release.Namespace }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-    verbs:
-      - get
-      - watch
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/log
-    verbs:
-      - get
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/exec
-    verbs:
-      - create
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtaskresults
-    verbs:
-      - create
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtasksets
-      - workflowartifactgctasks
-    verbs:
-      - list
-      - watch
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtasksets/status
-      - workflowartifactgctasks/status
-    verbs:
-      - patch
-

framework/authelia/.olares/config/cluster/deploy/auth_backend_deploy.yaml

@@ -367,7 +367,7 @@ spec:
           privileged: true
       containers:      
       - name: authelia
-        image: beclab/auth:0.2.14
+        image: beclab/auth:0.2.15
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 9091

framework/bfl/.olares/config/launcher/templates/bfl_deploy.yaml

@@ -200,11 +200,13 @@ spec:
       labels:
         tier: bfl
       annotations:
+{{ if .Values.telemetry }}
         instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
         instrumentation.opentelemetry.io/go-container-names: "api"    
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/bfl-api"
         instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
         instrumentation.opentelemetry.io/inject-nginx-container-names: "ingress"    
+{{ end }}
     spec:
 {{ if .Values.bfl.admin_user }}
       affinity:
@@ -264,7 +266,7 @@ spec:
 
       containers:
       - name: api
-        image: beclab/bfl:v0.4.17
+        image: beclab/bfl:v0.4.18
         imagePullPolicy: IfNotPresent
         securityContext:
           runAsUser: 1000
@@ -325,7 +327,7 @@ spec:
               apiVersion: v1
               fieldPath: spec.nodeName
       - name: ingress
-        image: beclab/bfl-ingress:v0.3.11
+        image: beclab/bfl-ingress:v0.3.12
         imagePullPolicy: IfNotPresent
         volumeMounts:
         - name: ngxlog

framework/files/.olares/config/cluster/deploy/files_deploy.yaml

@@ -42,11 +42,13 @@ spec:
       labels:
         app: files
       annotations:
+{{ if .Values.telemetry }}
         instrumentation.opentelemetry.io/inject-nginx: "olares-instrumentation"
         instrumentation.opentelemetry.io/inject-nginx-container-names: "nginx"    
         instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
         instrumentation.opentelemetry.io/go-container-names: "gateway,files,uploader"    
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/filebrowser"
+{{ end }}
     spec:
       serviceAccount: os-internal
       serviceAccountName: os-internal
@@ -126,7 +128,7 @@ spec:
 {{ end }}
 
         - name: files
-          image: beclab/files-server:v0.2.82
+          image: beclab/files-server:v0.2.83
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: true

framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml

@@ -87,16 +87,15 @@ spec:
     spec:
       affinity:
         nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - preference:
-              matchExpressions:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
               - key: kubernetes.io/os
                 operator: In
                 values:
                 - linux
-              - key: node-role.kubernetes.io/master
+              - key: node-role.kubernetes.io/control-plane
                 operator: Exists
-            weight: 10
       serviceAccountName: tailscale
       securityContext:
         runAsUser: 1000

framework/knowledge/.olares/config/cluster/deploy/knowledge_deployment.yaml

@@ -1,609 +0,0 @@
-{{ $dbbackup_rootpath := printf "%s%s" .Values.rootPath "/rootfs/middleware-backup" }}
-
-{{- $share_secret := (lookup "v1" "Secret" "os-framework" "knowledge-share-secrets") -}}
-{{- $redis_password := "" -}}
-{{ if $share_secret -}}
-{{ $redis_password = (index $share_secret "data" "redis_password") }}
-{{ else -}}
-{{ $redis_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $redis_password_data := "" -}}
-{{ $redis_password_data = $redis_password | b64dec }}
-
-
-{{- $pg_password := "" -}}
-{{ if $share_secret -}}
-{{ $pg_password = (index $share_secret "data" "pg_password") }}
-{{ else -}}
-{{ $pg_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
-{{- $knowledge_nats_secret := (lookup "v1" "Secret" "os-framework" "knowledge-secrets") -}}
-{{- $nat_password := "" -}}
-{{ if $knowledge_nats_secret -}}
-{{ $nat_password = (index $knowledge_nats_secret "data" "nat_password") }}
-{{ else -}}
-{{ $nat_password = randAlphaNum 16 | b64enc }}
-{{- end -}}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  nat_password: {{ $nat_password }}
----
-
-apiVersion: v1
-kind: Secret
-metadata:
-  name: knowledge-share-secrets
-  namespace: {{ .Release.Namespace }}
-type: Opaque
-data:
-  pg_password: {{ $pg_password }}
-  redis_password: {{ $redis_password }}
----  
-
-
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-pg
-  namespace: {{ .Release.Namespace }}
-spec:
-  app: knowledge
-  appNamespace: {{ .Release.Namespace }}
-  middleware: postgres
-  postgreSQL:
-    user: knowledge_os_framework
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: pg_password
-          name: knowledge-share-secrets
-    databases:
-    - name: knowledge
-      extensions:
-      - pg_trgm
-      - btree_gin
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-redis
-  namespace: {{ .Release.Namespace }}
-spec:
-  app: rss
-  appNamespace: {{ .Release.Namespace }}
-  middleware: redis
-  redis:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: redis_password
-          name: knowledge-share-secrets
-    namespace: knowledge
----
-apiVersion: apr.bytetrade.io/v1alpha1
-kind: MiddlewareRequest
-metadata:
-  name: knowledge-nat
-  namespace: {{ .Release.Namespace }}
-spec:
-  app: knowledge
-  appNamespace: os
-  middleware: nats
-  nats:
-    password:
-      valueFrom:
-        secretKeyRef:
-          key: nat_password
-          name: knowledge-secrets
-    subjects:
-      - name: download_status
-        permission:
-          pub: allow
-          sub: allow
-      - name: "knowledge.*"
-        permission:
-          pub: allow
-          sub: allow
-    user: os-knowledge
----
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: knowledge
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: knowledge
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: knowledge
-  template:
-    metadata:
-      labels:
-        app: knowledge
-    spec:
-      serviceAccount: os-internal
-      serviceAccountName: os-internal
-      securityContext:
-        runAsUser: 0
-        runAsNonRoot: false
-      initContainers:
-      - name: init-data
-        image: busybox:1.28
-        securityContext:
-          privileged: true
-          runAsNonRoot: false
-          runAsUser: 0
-        volumeMounts:
-        - name: userspace-dir
-          mountPath: /data
-        - name: cache-dir
-          mountPath: /appCache
-        command:
-        - sh
-        - -c
-        - |
-          chown -R 1000:1000 /data && \
-          chown -R 1000:1000 /appCache
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-headless.os-platform
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: knowledge_os_framework
-          - name: PGPASSWORD
-            value: {{ $pg_password | b64dec }}
-          - name: PGDB
-            value: os_framework_knowledge
-      containers:
-      - name: knowledge
-        image: "beclab/knowledge-base-api:v0.12.14"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsUser: 0
-          runAsNonRoot: false
-        ports:
-        - containerPort: 3010
-        env:
-        - name: BACKEND_URL
-          value: http://127.0.0.1:8080
-        - name: RSSHUB_URL
-          value: 'http://rss-server.os-framework:1200'
-        - name: UPLOAD_SAVE_PATH
-          value: '/data/'
-        - name: SEARCH_URL
-          value: 'http://search3.os-framework:80'
-        - name: REDIS_PASSWORD
-          value: {{ $redis_password_data }}
-        - name: REDIS_ADDR
-          value: redis-cluster-proxy.os-platform
-        - name: PG_USERNAME
-          value: knowledge_os_framework
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-headless.os-platform
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: os_framework_knowledge
-        - name: DOWNLOAD_URL
-          value: http://download-svc.os-framework:3080
-        - name: YTDLP_DOWNLOAD_URL
-          value: http://download-svc.os-framework:3082
-        - name: NATS_HOST
-          value: nats.os-platform
-        - name: NATS_PORT
-          value: "4222"
-        - name: NATS_USERNAME
-          value: os-knowledge
-        - name: NATS_PASSWORD
-          value: {{ $nat_password | b64dec }}
-        - name: NATS_SUBJECT
-          value: os.download_status
-        - name: SOCKET_URL
-          value: 'http://localhost:40010'
-        - name: BACKUP_PATH
-          value: /backup/
-        volumeMounts:
-          - name: userspace-dir
-            mountPath: /data
-          - name: pgbackup
-            mountPath: /backup
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 1Gi
-
-      - name: backend-server
-        image: "beclab/recommend-backend:v0.12.10"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        env:
-        - name: LISTEN_ADDR
-          value: 127.0.0.1:8080
-        - name: REDIS_PASSWORD
-          value: {{ $redis_password_data }}
-        - name: REDIS_ADDR
-          value: redis-cluster-proxy.os-platform:6379
-        - name: RSS_HUB_URL
-          value: 'http://rss-server.os-framework:1200/'
-        - name: WE_CHAT_REFRESH_FEED_URL
-          value: https://recommend-wechat-prd.bttcdn.com/api/wechat/entries
-        - name: WECHAT_ENTRY_CONTENT_GET_API_URL
-          value: https://recommend-wechat-prd.bttcdn.com/api/wechat/entry/content
-        - name: PG_USERNAME
-          value: knowledge_os_framework
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-headless.os-platform
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: os_framework_knowledge
-        - name: WATCH_DIR
-          value: /data/
-        - name: YT_DLP_API_URL
-          value: http://download-svc.os-framework:3082/api
-        - name: DOWNLOAD_API_URL
-          value: http://download-svc.os-framework:3080/api
-        volumeMounts:
-          - name: userspace-dir
-            mountPath: /data
-        ports:
-        - containerPort: 8080
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "800m"
-            memory: 400Mi
-
-      - name: sync
-        image: "beclab/recommend-sync:v0.12.0"
-        securityContext:
-          runAsUser: 0
-          runAsNonRoot: false
-        env:
-        - name: USERSPACE_DIRECTORY
-          value: /data
-        - name: KNOWLEDGE_BASE_API_URL
-          value: http://127.0.0.1:3010
-        - name: PG_HOST
-          value: citus-headless.os-platform
-        - name: PG_USERNAME
-          value: knowledge_os_framework
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_DATABASE
-          value: os_framework_knowledge
-        - name: PG_PORT
-          value: "5432"
-        - name: TERMINUS_RECOMMEND_REDIS_ADDR
-          value: redis-cluster-proxy.os-platform:6379
-        - name: TERMINUS_RECOMMEND_REDIS_PASSOWRD
-          value: {{ $redis_password_data }}
-        volumeMounts:
-          - name: userspace-dir
-            mountPath: /data
-       
-      - name: crawler
-        image: "beclab/recommend-crawler:v0.12.1"
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-        env:
-        - name: KNOWLEDGE_BASE_API_URL
-          value: http://127.0.0.1:3010
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "800m"
-            memory: 800Mi
-        volumeMounts:
-          - name: cache-dir
-            mountPath: /appCache
-
-      volumes:
-      - name: userspace-dir
-        hostPath:
-          type: Directory
-          path: '{{ .Values.rootPath }}/rootfs/userspace'
-      - name: cache-dir
-        hostPath:
-          path: '{{ .Values.rootPath }}/userdata/Cache/rss'
-          type: DirectoryOrCreate
-      - name: pgbackup
-        hostPath:
-          path: '{{ $dbbackup_rootpath }}/pg_backup'
-          type: DirectoryOrCreate
-      - name: terminus-sidecar-config
-        configMap:
-          name: sidecar-ws-configs
-          items:
-          - key: envoy.yaml
-            path: envoy.yaml
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: rss-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: knowledge
-  ports:
-    - name: "backend-server"
-      protocol: TCP
-      port: 8080
-      targetPort: 8080
-    - name: "knowledge-base-api"
-      protocol: TCP
-      port: 3010
-      targetPort: 3010
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: knowledge-base-api
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: systemserver
-  ports:
-    - protocol: TCP
-      name: knowledge-api
-      port: 3010
-      targetPort: 3010
----
-
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: download
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: download
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: download
-  template:
-    metadata:
-      labels:
-        app: download
-    spec:
-      serviceAccount: os-internal
-      serviceAccountName: os-internal
-      securityContext:
-        runAsUser: 0
-        runAsNonRoot: false
-
-      initContainers:
-      - name: init-data
-        image: busybox:1.28
-        securityContext:
-          privileged: true
-          runAsNonRoot: false
-          runAsUser: 0
-        volumeMounts:
-        - name: config-dir
-          mountPath: /config
-        - name: download-dir
-          mountPath: /downloads
-        command:
-        - sh
-        - -c
-        - |
-          chown -R 1000:1000 /config && \
-          chown -R 1000:1000 /downloads
-      - name: init-container
-        image: 'postgres:16.0-alpine3.18'
-        command:
-          - sh
-          - '-c'
-          - >-
-            echo -e "Checking for the availability of PostgreSQL Server deployment"; until psql -h $PGHOST -p $PGPORT -U $PGUSER -d $PGDB -c "SELECT 1"; do sleep 1; printf "-"; done; sleep 5; echo -e " >> PostgreSQL DB Server has started";
-        env:
-          - name: PGHOST
-            value: citus-headless.os-platform
-          - name: PGPORT
-            value: "5432"
-          - name: PGUSER
-            value: knowledge_os_framework
-          - name: PGPASSWORD
-            value: {{ $pg_password | b64dec }}
-          - name: PGDB
-            value: os_framework_knowledge
-      containers:
-      - name: aria2
-        image: "beclab/aria2:v0.0.4"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          runAsNonRoot: false
-          runAsUser: 0
-        ports:
-        - containerPort: 6800
-        - containerPort: 6888
-        env:
-        - name: RPC_SECRET
-          value: kubespider
-        - name: PUID
-          value: "1000"
-        - name: PGID
-          value: "1000"
-        volumeMounts:
-        - name: download-dir
-          mountPath: /downloads
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-      - name: yt-dlp
-        image: "beclab/yt-dlp:v0.12.12"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        ports:
-        - containerPort: 3082
-        env:
-        - name: PG_USERNAME
-          value: knowledge_os_framework
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-headless.os-platform
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: os_framework_knowledge
-        - name: REDIS_HOST
-          value: redis-cluster-proxy.os-platform
-        - name: REDIS_PASSWORD
-          value: {{ $redis_password | b64dec }}
-        - name: NATS_HOST
-          value: nats.os-platform
-        - name: NATS_PORT
-          value: "4222"
-        - name: NATS_USERNAME
-          value: os-knowledge
-        - name: NATS_PASSWORD
-          value: {{ $nat_password | b64dec }}
-        - name: NATS_SUBJECT
-          value: os.download_status
-        volumeMounts:
-        - name: config-dir
-          mountPath: /app/config
-        - name: download-dir
-          mountPath: /app/downloads
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-      - name: download-spider
-        image: "beclab/download-spider:v0.12.13"
-        imagePullPolicy: IfNotPresent
-        securityContext:
-          allowPrivilegeEscalation: false
-          runAsUser: 1000
-
-        env:
-        - name: PG_USERNAME
-          value: knowledge_os_framework
-        - name: PG_PASSWORD
-          value: {{ $pg_password | b64dec }}
-        - name: PG_HOST
-          value: citus-headless.os-platform
-        - name: PG_PORT
-          value: "5432"
-        - name: PG_DATABASE
-          value: os_framework_knowledge
-        - name: REDIS_HOST
-          value: redis-cluster-proxy.os-platform
-        - name: REDIS_PASSWORD
-          value: {{ $redis_password | b64dec }}
-        - name: NATS_HOST
-          value: nats.os-platform
-        - name: NATS_PORT
-          value: "4222"
-        - name: NATS_USERNAME
-          value: os-knowledge
-        - name: NATS_PASSWORD
-          value: {{ $nat_password | b64dec }}
-        - name: NATS_SUBJECT
-          value: os.download_status
-        volumeMounts:
-        - name: download-dir
-          mountPath: /downloads
-        
-        ports:
-        - containerPort: 3080
-        resources:
-          requests:
-            cpu: 20m
-            memory: 50Mi
-          limits:
-            cpu: "1"
-            memory: 300Mi
-
-      volumes:
-      - name: config-dir
-        hostPath: 
-          type: DirectoryOrCreate
-          path: '{{ .Values.rootPath }}/userdata/Cache/download'
-      - name: download-dir
-        hostPath:
-          type: DirectoryOrCreate
-          path: '{{ .Values.rootPath }}/rootfs/userspace'
----
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: download-svc
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: download
-  ports:
-    - name: "download-spider"
-      protocol: TCP
-      port: 3080
-      targetPort: 3080
-    - name: "aria2-server"
-      protocol: TCP
-      port: 6800
-      targetPort: 6800
-    - name: ytdlp-server
-      protocol: TCP
-      port: 3082
-      targetPort: 3082

framework/market/.olares/config/cluster/deploy/market_deploy.yaml

@@ -71,9 +71,11 @@ spec:
         app: appstore
         io.bytetrade.app: "true"
       annotations:
+{{ if .Values.telemetry }}
         instrumentation.opentelemetry.io/inject-go: "olares-instrumentation"
         instrumentation.opentelemetry.io/go-container-names: "appstore-backend"    
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: "/opt/app/market"
+{{ end }}
     spec:
       priorityClassName: "system-cluster-critical"
       initContainers:
@@ -270,8 +272,8 @@ spec:
     subjects:
       - name: "application.*"
         permission:
-          pub: allow
-          sub: deny
+          pub: deny
+          sub: allow
       - name: "market.*"
         permission:
           pub: allow

framework/rsshub/.olares/config/cluster/deploy/rss_deploy.yaml

@@ -1,47 +0,0 @@
-
-
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: rss-server
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app: rss-server
-    applications.app.bytetrade.io/author: bytetrade.io
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: rss-server
-  template:
-    metadata:
-      labels:
-        app: rss-server
-    spec:
-      containers:
-        - name: rss-server
-          image: beclab/rsshub-server:v0.0.5
-          imagePullPolicy: IfNotPresent
-          ports:
-          - containerPort: 1200
-
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: rss-server
-  namespace: {{ .Release.Namespace }}
-spec:
-  type: ClusterIP
-  selector:
-    app: rss-server
-  ports:
-    - name: server
-      protocol: TCP
-      port: 1200
-      targetPort: 1200
- 

framework/system-server/.olares/config/user/helm-charts/systemserver/templates/systemserver_deploy.yaml

@@ -42,9 +42,11 @@ spec:
       labels:
         app: systemserver
       annotations:
+{{ if .Values.telemetry }}
         instrumentation.opentelemetry.io/go-container-names: system-server
         instrumentation.opentelemetry.io/inject-go: olares-instrumentation
         instrumentation.opentelemetry.io/otel-go-auto-target-exe: /system-server
+{{ end }}
     spec:
       serviceAccountName: bytetrade-sys-ops
       serviceAccount: bytetrade-sys-ops

infrastructure/kubesphere/.olares/Olares.yaml

@@ -4,8 +4,6 @@ output:
   containers:
     - 
       name: beclab/ks-apiserver:0.0.21
-    - 
-      name: beclab/ks-controller-manager:0.0.21
     -
       name: kubesphere/kubectl:v1.22.0
 

platform/open-telemetry/.olares/config/cluster/deploy/opentelemetry_operator.yaml

@@ -10147,6 +10147,7 @@ webhooks:
     timeoutSeconds: 10
 
 
+{{ if .Values.telemetry }}
 ---
 apiVersion: opentelemetry.io/v1beta1
 kind: OpenTelemetryCollector
@@ -10240,6 +10241,7 @@ spec:
     exporters:
       jaeger_storage_exporter:
         trace_storage: some_store
+{{ end }}
 
 ---
 apiVersion: opentelemetry.io/v1alpha1